Hello All,

I'm using the "Branch Testing" approach documented at https://reductivelabs.com/trac/puppet/wiki/BranchTesting and am seeing an issue with certificates. On all clients, I can run puppetd --masterport=8141 successfully but see the following error when I run against the default (8140) port:

err: Could not retrieve configuration: Certificates were not trusted: certificate verify failed

If anyone could explain what's happening with the certificates here, I'd really appreciate it.

All the best,
Adam Kosmin

On Dec 3, 2007, at 10:30 AM, Adam Kosmin wrote:
> On all clients, I can run puppetd --masterport=8141 successfully but see
> the following error when I run against the default (8140) port:
>
> err: Could not retrieve configuration: Certificates were not trusted:
> certificate verify failed
>
> If anyone could explain what's happening with the certificates here, I'd
> really appreciate it.

Do the two different puppetmaster servers have their SSL certificates signed by the same CA? If not, then the client will only work with the server it initially receives its signed certificate from.

Cheers,
--
Jeff McCune
Systems Manager
The Ohio State University
Department of Mathematics

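Added example (not part of the thread, and not Puppet's own code): the situation Jeff describes, reproduced offline with two throwaway CAs, where a client that trusts only one CA rejects a master certificate signed by the other. The CA and certificate names and the `run_demo` helper are constructed for illustration, and the `openssl` CLI is assumed to be installed.

```sh
#!/bin/sh
# Constructed demo: two throwaway CAs, each signing one "master" certificate.
# All names below (ca_a, ca_b, master_a, master_b) are made up for illustration.

make_ca() {            # $1 = work dir, $2 = CA name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

make_server_cert() {   # $1 = work dir, $2 = signing CA name, $3 = cert name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=puppet" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the single CA in file $1.
trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

run_demo() {
    d=$(mktemp -d) || return 2
    if make_ca "$d" ca_a && make_ca "$d" ca_b &&
       make_server_cert "$d" ca_a master_a &&
       make_server_cert "$d" ca_b master_b; then
        # The client enrolled with CA A, so ca_a.pem is its only trust anchor.
        if trusted_by "$d/ca_a.pem" "$d/master_a.pem"; then same=trusted; else same=untrusted; fi
        if trusted_by "$d/ca_a.pem" "$d/master_b.pem"; then other=trusted; else other=untrusted; fi
        echo "same-ca=$same other-ca=$other"
        rc=0
    else
        rc=2
    fi
    rm -rf "$d"
    return "$rc"
}

run_demo   # prints: same-ca=trusted other-ca=untrusted
```

On a real client, the same question can be asked of each port with `openssl s_client -connect <master>:8140 -CAfile <client CA cert>` and reading the `Verify return code` line; the host and CA path are placeholders.
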
Hi Jeff,

I hope you don't mind me taking this off list?

> Do the two different puppetmaster servers have their SSL certificates
> signed by the same CA? If not, then the client will only work with
> the server it initially receives its signed certificate from.

I only have 1 puppetmaster server. I'm running my "testing" branch on port 8141 and my "production" branch on the normal port (8140). That said, I certainly didn't do anything special as far as the certificates go. Here are the conf files I'm using for both instances:

[root@e5puppet1 ~]# cat /etc/puppet.production/puppet.conf
masterport = 8140
confdir = /etc/puppet.production
templatedir = $confdir/templates
factsync = true
logdir = /var/log/puppet.production
rundir = /var/run/puppet.production

# Do not change these
vardir = /var/lib/puppet
ssldir = $vardir/ssl
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig

[puppetmasterd]
certname=puppet

[root@e5puppet1 ~]# cat /etc/puppet.testing/puppet.conf
masterport = 8141
confdir = /etc/puppet.testing
templatedir = $confdir/templates
factsync = true
logdir = /var/log/puppet.testing
rundir = /var/run/puppet.testing

# Do not change these
vardir = /var/lib/puppet
ssldir = $vardir/ssl
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig

[puppetmasterd]
certname=puppet

On Dec 3, 2007, at 10:53 AM, Adam Kosmin wrote:
> Hi Jeff,
>
> I hope you don't mind me taking this off list?

Not really, though I prefer to keep things public for the search bots.

>> Do the two different puppetmaster servers have their SSL certificates
>> signed by the same CA? If not, then the client will only work with
>> the server it initially receives its signed certificate from.
>
> I only have 1 puppetmaster server. I'm running my "testing" branch on
> port 8141 and my "production" branch on the normal port (8140). That
> said, I certainly didn't do anything special as far as the certificates
> go. Here are the conf files I'm using for both instances:

Hrm, I'm not entirely sure what's going on then... Sorry.

--
Jeff McCune
Systems Manager
The Ohio State University
Department of Mathematics